[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.11-25-gde29a50

by Werner Koch cvs at cvs.gnupg.org
Tue Dec 11 18:16:31 CET 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  de29a50e7c8a779ac0832a149bcf3eb2c4191dc9 (commit)
       via  0cf0f3aaf835d29848f1485df357606254ba6fad (commit)
      from  e5abdb6da7fa7cd4d146c7285b160277511bc230 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Dec 11 18:12:51 2018 +0100

    agent: Make the S2K calibration time runtime configurable.
    
    * agent/protect.c (s2k_calibration_time): New file global var.
    (calibrate_s2k_count): Use it here.
    (get_calibrated_s2k_count): Replace function static var by ...
    (s2k_calibrated_count): new file global var.
    (set_s2k_calibration_time): New function.
    * agent/gpg-agent.c (oS2KCalibration): New const.
    (opts): New option --s2k-calibration.
    (parse_rereadable_options): Parse that option.
    --
    
    Note that using an unrelistic high value (like 60000) takes quite some
    time for calibration.
    
    GnuPG-bug-id: 3399
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25)

diff --git a/agent/agent.h b/agent/agent.h
index cf50d92..2b045f8 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -486,6 +486,7 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
                                      char **passphrase_addr);
 
 /*-- protect.c --*/
+void set_s2k_calibration_time (unsigned int milliseconds);
 unsigned long get_calibrated_s2k_count (void);
 unsigned long get_standard_s2k_count (void);
 unsigned char get_standard_s2k_count_rfc4880 (void);
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 1fdc94d..ffd85d1 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -135,6 +135,7 @@ enum cmd_and_opt_values
   oDisableScdaemon,
   oDisableCheckOwnSocket,
   oS2KCount,
+  oS2KCalibration,
   oAutoExpandSecmem,
   oListenBacklog,
 
@@ -253,6 +254,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
 
   ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+  ARGPARSE_s_u (oS2KCalibration, "s2k-calibration", "@"),
 
   ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"),
 
@@ -834,6 +836,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       /* Note: When changing the next line, change also gpgconf_list.  */
       opt.ssh_fingerprint_digest = GCRY_MD_MD5;
       opt.s2k_count = 0;
+      set_s2k_calibration_time (0);  /* Set to default.  */
       return 1;
     }
 
@@ -929,6 +932,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.s2k_count = pargs->r.ret_ulong;
       break;
 
+    case oS2KCalibration:
+      set_s2k_calibration_time (pargs->r.ret_ulong);
+      break;
+
     default:
       return 0; /* not handled */
     }
diff --git a/agent/protect.c b/agent/protect.c
index 16ae715..134fbf2 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -71,6 +71,13 @@ static const struct {
 };
 
 
+/* The number of milliseconds we use in the S2K function and the
+ * calibrated count value.  A count value of zero indicates that the
+ * calibration has not yet been done or needs to be done again.  */
+static unsigned int s2k_calibration_time = AGENT_S2K_CALIBRATION;
+static unsigned long s2k_calibrated_count;
+
+
 /* A helper object for time measurement.  */
 struct calibrate_time_s
 {
@@ -175,11 +182,11 @@ calibrate_s2k_count (void)
       ms = calibrate_s2k_count_one (count);
       if (opt.verbose > 1)
         log_info ("S2K calibration: %lu -> %lums\n", count, ms);
-      if (ms > AGENT_S2K_CALIBRATION)
+      if (ms > s2k_calibration_time)
         break;
     }
 
-  count = (unsigned long)(((double)count / ms) * AGENT_S2K_CALIBRATION);
+  count = (unsigned long)(((double)count / ms) * s2k_calibration_time);
   count /= 1024;
   count *= 1024;
   if (count < 65536)
@@ -195,18 +202,30 @@ calibrate_s2k_count (void)
 }
 
 
+/* Set the calibration time.  This may be called early at startup or
+ * at any time.  Thus it should one set variables.  */
+void
+set_s2k_calibration_time (unsigned int milliseconds)
+{
+  if (!milliseconds)
+    milliseconds = AGENT_S2K_CALIBRATION;
+  else if (milliseconds > 60 * 1000)
+    milliseconds = 60 * 1000;  /* Cap at 60 seconds.  */
+  s2k_calibration_time = milliseconds;
+  s2k_calibrated_count = 0;  /* Force re-calibration.  */
+}
+
+
 /* Return the calibrated S2K count.  This is only public for the use
  * of the Assuan getinfo s2k_count_cal command.  */
 unsigned long
 get_calibrated_s2k_count (void)
 {
-  static unsigned long count;
-
-  if (!count)
-    count = calibrate_s2k_count ();
+  if (!s2k_calibrated_count)
+    s2k_calibrated_count = calibrate_s2k_count ();
 
   /* Enforce a lower limit.  */
-  return count < 65536 ? 65536 : count;
+  return s2k_calibrated_count < 65536 ? 65536 : s2k_calibrated_count;
 }
 
 
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index bcce033..3997d20 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -669,12 +669,19 @@ For an heavy loaded gpg-agent with many concurrent connection this
 option avoids sign or decrypt errors due to out of secure memory error
 returns.
 
+ at item --s2k-calibration @var{milliseconds}
+ at opindex s2k-calibration
+Change the default calibration time to @var{milliseconds}.  The given
+value is capped at 60 seconds; a value of 0 resets to the compiled-in
+default.  This option is re-read on a SIGHUP (or @code{gpgconf
+--reload gpg-agent}) and the S2K count is then re-calibrated.
+
 @item --s2k-count @var{n}
 @opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This
 option can be used to override the auto-calibration done by default.
-The auto-calibration computes a count which requires 100ms to mangle
-a given passphrase.
+The auto-calibration computes a count which requires by default 100ms
+to mangle a given passphrase.  See also @option{--s2k-calibration}.
 
 To view the actually used iteration count and the milliseconds
 required for an S2K operation use:

commit 0cf0f3aaf835d29848f1485df357606254ba6fad
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Sep 8 17:08:57 2017 -0400

    agent: compile-time configuration of s2k calibration.
    
    * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
    AGENT_S2K_CALIBRATION (measured in milliseconds)
    * agent/protect.c (calibrate_s2k_count): Calibrate based on
    AGENT_S2K_CALIBRATION.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
    GnuPG-bug-id: 3399
    (cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)

diff --git a/agent/protect.c b/agent/protect.c
index 7b5abf2..16ae715 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -163,7 +163,7 @@ calibrate_s2k_count_one (unsigned long count)
 
 
 /* Measure the time we need to do the hash operations and deduce an
-   S2K count which requires about 100ms of time.  */
+   S2K count which requires roughly some targeted amount of time.  */
 static unsigned long
 calibrate_s2k_count (void)
 {
@@ -175,11 +175,11 @@ calibrate_s2k_count (void)
       ms = calibrate_s2k_count_one (count);
       if (opt.verbose > 1)
         log_info ("S2K calibration: %lu -> %lums\n", count, ms);
-      if (ms > 100)
+      if (ms > AGENT_S2K_CALIBRATION)
         break;
     }
 
-  count = (unsigned long)(((double)count / ms) * 100);
+  count = (unsigned long)(((double)count / ms) * AGENT_S2K_CALIBRATION);
   count /= 1024;
   count *= 1024;
   if (count < 65536)
diff --git a/configure.ac b/configure.ac
index 2c0bc80..919ab31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -116,7 +116,6 @@ use_tls_library=no
 large_secmem=no
 show_tor_support=no
 
-
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
 # The agent is a required part and can't be disabled anymore.
@@ -247,6 +246,15 @@ fi
 AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
                    [Size of secure memory buffer])
 
+AC_MSG_CHECKING([calibrated passphrase-stretching (s2k) duration])
+AC_ARG_WITH(agent-s2k-calibration,
+              AC_HELP_STRING([--with-agent-s2k-calibration=MSEC],
+                             [calibrate passphrase stretching (s2k) to MSEC milliseconds]),
+              agent_s2k_calibration=$withval, agent_s2k_calibration=100)
+AC_MSG_RESULT($agent_s2k_calibration milliseconds)
+AC_DEFINE_UNQUOTED(AGENT_S2K_CALIBRATION, $agent_s2k_calibration,
+                   [Agent s2k calibration time (ms)])
+
 AC_MSG_CHECKING([whether to enable trust models])
 AC_ARG_ENABLE(trust-models,
               AC_HELP_STRING([--disable-trust-models],

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h      |  1 +
 agent/gpg-agent.c  |  7 +++++++
 agent/protect.c    | 35 +++++++++++++++++++++++++++--------
 configure.ac       | 10 +++++++++-
 doc/gpg-agent.texi | 11 +++++++++--
 5 files changed, 53 insertions(+), 11 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list